Sovereign with a European Cloud

In this article you will read about,

• what constitutes sovereignty in IT,
• how the Open Telekom Cloud meets sovereignty requirements and
• how the Open Telekom Cloud permanently ensures a high level of security.

Sovereignty in information technology is a buzzword that has been experiencing a renaissance for some time. Aspects of sovereignty play an important role for initiatives such as Gaia-X or Catena-X. Last but not least, the topic also has a strong political component. European companies that want to position themselves for the digital future are increasingly incorporating sovereignty aspects into their decision-making. They are looking for long-term planning security and maximum independence.

The problem with sovereignty: Depending on the perspective and situation of the respective organization, sovereignty can be interpreted in many different ways. A uniform definition will not be agreed on in the foreseeable future. Sovereignty solutions must meet specific requirements in certain deployment scenarios (use cases) – and this does not always have to be a high-end sovereignty solution. All stakeholders agree that the dream of perfect sovereignty is not feasible in a digital world. To achieve this, companies would have to have complete control over all services, from the chip to the cloud service; an illusory claim in the world of the 21st century, which is based on the division of labor. In a pragmatic approach, sovereignty requirements are therefore often based on the criticality of the processes supported and the sensitivity of the processed data.

As a European cloud, the Open Telekom Cloud meets some basic European sovereignty requirements by design. It is hosted exclusively in European data centers (Germany, Netherlands, Switzerland) and is operated exclusively by personnel based in Europe. T-Systems or Deutsche Telekom as a German company is committed to the European legal framework. Access by non-European authorities is not possible.

For the Open Telekom Cloud, four technical and organizational components are relevant in the sovereignty discussion: Data sovereignty, operational sovereignty, technology sovereignty and sustainability.

• Data Sovereignty: 
  Data that customers store or process on the Open Telekom Cloud is not accessed, manipulated, deleted or copied by anyone (including Open Telekom Cloud employees). The Open Telekom Cloud offers platform-specific encryption procedures, among other things, but also offers customers encryption or key management outside of the cloud platform – without access for any Open Telekom Cloud staff. Confidential computing is also available, which allows data to be encrypted during processing.
• Operational Sovereignty:
  By operating the Open Telekom Cloud in the EU and by having only EU-based employees, we can guarantee that none of the legal frameworks specified by the EU/GDPR can be endangered or compromised.
• Technology Sovereignty: 
  The Open Telekom Cloud is based on OpenStack. The open source software is developed and updated by a broad community. The community approach and continuous testing of compliance with the community specifications ensure that no dependencies arise. Customers have the option of migrating workloads to other platforms (including their own in-house resources) at any time thanks to the open standard. Open source is an effective instrument for preventing vendor lock-in.
• Sustainability:
  From the perspective of the Open Telekom Cloud, the importance of sustainability as a criterion for sovereign clouds will grow rapidly. The requirements for "green IT", which will be accompanied by increasing reporting in the next few years, mean that customers will also have to measure the future security of their platforms against their carbon footprint. The Open Telekom Cloud is provided from highly efficient data centers powered by electricity from renewable sources. With its internal Green Magenta seal, Deutsche Telekom already reflects sustainability requirements that are increasingly being laid down in binding legislation.

A large number of certifications attest to the high security level of the Open Telekom Cloud. To maintain this high level, the Open Telekom Cloud undergoes a regular, rigorous privacy and security assessment. Security experts check all extensions to the cloud. Components are tested in test environments before being released to customers. This also includes regular security and penetration tests that continuously check the cloud for vulnerabilities, compliance and suspicious network communications from inside and outside. The Telekom Security Operation Center monitors log data for suspicious activity.

Open Telekom is broadly positioned with three twin-core high-security sites and a total of nine availability zones, ensuring the availability of services. Staff must undergo regular security checks. In addition, the Open Telekom Cloud relies on standardized x86 servers. A multi-vendor strategy ensures that new hardware components are always available to meet growing demand. OpenStack as an open cloud operating system allows code reviews at any time. The Open Telekom Cloud is certified by the OpenStack Foundation: All software components are regularly checked for security, functionality and compliance with OpenStack standards.

Sovereign or not? Everyone will draw their own conclusions. However, as a European cloud, the Open Telekom Cloud fulfills a large number of sovereignty requirements "by design". Many customers have already been convinced.